Author Topic: AvastEmUpdate.exe infected or false positive?  (Read 5072 times)

0 Members and 1 Guest are viewing this topic.

Frosty_JG

  • Guest
AvastEmUpdate.exe infected or false positive?
« on: October 25, 2012, 05:00:28 PM »
Hello, my first post here. I've got a problem, I've scanned my system with Avira and BitDefender from a bootable Linux DVD ("Desinfect", from a German magazine) after a memory scan with Avast got me a strange result (I'll probably open an extra topic about that later), and AvastEmUpdate.exe in the Avast program folder (from the newest version of Avast, 7.0.1473) is listed by Bitdefender as infected by "Gen:Variant.Zusy.22497" I've uploaded the file to the online Scanner Jotti, you can see the results here: http://virusscan.jotti.org/de/scanresult/8114f2894e0db2a2c608bf1e14895a4a028d2d53 (edit:  just to avoid any confusion, the file got the ending .virus because Desinfect renamed so it can't be executed in case it's a real virus)
Then I wondered whether I could reproduce this on another system and installed Avast on my Laptop (after deinstalling my old scanner, of course) and uploaded the AvastEmUpdate.exe from the Laptop to Jotti as well, with the same result. Since I didn't exchange data between my laptop and regular PC in quite a while, it's unlikely both are infected with the same virus, so I wonder whether anyone here can shed some light on this. Can anyone here reproduce this result?
I've got the German language version of Avast, I don't know whether the AvastEmUpdate.exe is the same eveywhere, so I'm not sure you can reproduce my problem.
Any help would be appraciated. Thanks in advance.

Edit: On my regular PC, I have Windows 7, 64 bit, and on my Laptop Windows Vista, 32 bit, though I don't think that's important in this case.
« Last Edit: October 25, 2012, 05:10:16 PM by Frosty_JG »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11848
    • AVAST Software
Re: AvastEmUpdate.exe infected or false positive?
« Reply #1 on: October 25, 2012, 05:09:46 PM »
It's just a false positive from BitDefender.

Frosty_JG

  • Guest
Re: AvastEmUpdate.exe infected or false positive?
« Reply #2 on: October 25, 2012, 05:19:31 PM »
Thank you very much for the quick reply. :)  As can be seen in the link I posted, on Jotti not only BitDefender but also F-Secure and G Data identify the file as "Gen:Variant.Zusy.22497". Do these scanners share similar scan engines/signature databases? Because three scanners reporting the file as infected had me a bit worried.
So this is an issue that's already known?

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: AvastEmUpdate.exe infected or false positive?
« Reply #3 on: October 25, 2012, 05:45:44 PM »
Thank you very much for the quick reply. :)  As can be seen in the link I posted, on Jotti not only BitDefender but also F-Secure and G Data identify the file as "Gen:Variant.Zusy.22497". Do these scanners share similar scan engines/signature databases? Because three scanners reporting the file as infected had me a bit worried.
So this is an issue that's already known?

BitDefender uses BitDefender engine/defs.
GDATA uses BitDefender engine/defs and Avast engine/defs.
F-Secure uses BitDefender engine/defs and their own in-house engine.

All Bitdefender related.
« Last Edit: October 25, 2012, 05:58:35 PM by Charyb »

Tetsuo

  • Guest
Re: AvastEmUpdate.exe infected or false positive?
« Reply #4 on: October 25, 2012, 06:23:58 PM »
I got this same false positive from Emsisoft Emergency Kit which also uses Bitdefender scan engine.

Frosty_JG

  • Guest
Re: AvastEmUpdate.exe infected or false positive?
« Reply #5 on: October 26, 2012, 02:54:34 PM »
Ah, okay, thanks for the help. :)